Predefined Security Policies
This section describes information about configurable security policies for listeners when you create a load balancer.
Details of the most recent predefined security policies, including available SSL protocols and SSL cipher suites are given in the table below. There are two types of pre-defined security policies in the table below, but when using security policies it is recommended to use the most recent ones.
Predefined SSL Security Policies (Most Recent)
The name of the most recent security policy is given below. Refer to the "2017-05" column in the table.
- Security Policy Name: LBServiceSecurityPolicy-2017-05
Predefined SSL Security Policies (Older)
The name of the previously released security policy is given below. Refer to the "2015-12" column in the table.
- Security Policy Name: LBServiceSecurityPolicy-2015-12
| Encryption Protocol | Cipher Suite | Cipher Suite Parameter Name (User Specified) | Predefined Security Policies | |
|---|---|---|---|---|
| "2017-05" | "2015-12" | |||
| TLS 1.2 Default : true | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | DHE-RSA-AES256-GCM-SHA384 | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | DHE-RSA-AES256-SHA256 | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | ECDH-RSA-AES256-GCM-SHA384 | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | ECDH-ECDSA-AES256-GCM-SHA384 | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | ECDH-RSA-AES256-SHA384 | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | ECDH-ECDSA-AES256-SHA384 | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | ○ | ○ | |
| TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 | ○ | ○ | |
| TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 | ○ | ○ | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | ○ | ○ | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | DHE-RSA-AES128-GCM-SHA256 | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | DHE-RSA-AES128-SHA256 | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | ○ | |
| TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | ECDH-RSA-AES128-GCM-SHA256 | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | ECDH-ECDSA-AES128-GCM-SHA256 | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | ECDH-RSA-AES128-SHA256 | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | ECDH-ECDSA-AES128-SHA256 | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | ○ | ○ | |
| TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 | ○ | ○ | |
| TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | ○ | ○ | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | ○ | ○ | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | ○ | ○ | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | ○ | |
| TLS 1.1 Default : true | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | ○ | ○ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | ○ | ○ | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | ○ | ○ | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | ○ | ○ | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | ○ | ○ | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | ○ | ○ | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | ○ | ○ | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | ○ | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | ○ | ○ | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | ○ | ○ | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | ○ | ○ | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | ○ | ○ | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | ○ | |
| TLS 1.0 Default : false | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | - | - |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | - | - | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | - | - | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | - | - | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | - | - | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | - | - | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | - | - | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | - | |
| SSL 3.0 Default : false | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | - | - |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | - | - | |
| TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | - | - | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | - | - | |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | - | - | |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | - | - | |
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | EDH-RSA-DES-CBC3-SHA | - | - | |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | - | - | |
| TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | - | - | |
| TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | - | - | |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | - | - | |
| TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | - | - | |